Cacti is an excellent interface to RRDtool ... simply amazing.
The best way I have found to get a per-user traffic summary, though, is
with netflow (à la Cisco) with this http://freshmeat.net/projects/flavio/
or astrowflow as a bridge www.netsoft.co.za
I don't know about ipf, but there is a netflow exporter for OpenBSD's pf,
http://freshmeat.net/projects/pfflowd/. Maybe someone can find something
similar to let m0n0wall export netflow data to a collector to do stats
like this?
David Rodgers
On Thu, 2004-03-18 at 12:28, Jim Gifford wrote:
> Someone pointed me to cacti off-list, and it is a lot nicer than cricket.
> It also doesn't require as much system resources on the server. And best
> of all, it is far more responsive for the user.
>
> However, I'll say the same thing about cacti that I said about MRTG and
> cricket. There aren't any SNMP MIBs on m0n0wall that permit per host or
> per IP address statistics gathering. All you can get is interface
> statistics, which is nice to have, but isn't the level of detail everyone
> keeps asking for.
>
> I'll say that again: the SNMP MIBs in m0n0wall do not exist to do per
> host or per IP address statistics. You can't do a 'top talkers' list
> from the SNMP MIBs that are available.
>
> Every time I've chimed in on a thread about per host traffic stats, I've
> had at least one response pointing me to MRTG (which I used at a previous
> job), or cricket, or now cacti. Of these, cacti is the sweetest, and I
> appreciate the pointer. I'll be removing cricket soon. However, not one
> of those pointing people to MRTG and related utils has demonstrated that
> they can indeed get per host or per IP address stats from m0n0wall. I've
> used snmpwalk, and the MIBs just aren't there for that.
>
> This is a Frequently Asked Question. There are frequently pat answers
> given. Yet, in my opinion, the answers are for the wrong questions. The
> question isn't "how much of my total bandwidth is being used?" the
> question is "which machine/protocol is using all my bandwidth?"
>
> Having said all that, I would love to be proved wrong. Until that
> happens though, I'll be building an ethernet tap and using something like
> ntop or the like.
>
> Oh, and for the original poster, you might want to play with the traffic
> shaping features. If nothing else, you could shape everyone down to a
> fair percentage of the total bandwidth, so that even if they are trying
> to use more than they should, they can't. I'm not sure how feasible
> this would be though.
>
> jim
>
> On Thu, Mar 18, 2004 at 12:34:20PM -0500, Jim Gifford wrote:
> > I've set up cricket to graph the SNMP stats it gets from m0n0wall.
> > Honestly though, the graphs aren't that useful. It sounds like you want
> > a "top talkers" list, and cricket doesn't give that. I doubt that MRTG
> > does either, considering their similar backgrounds and features.
> >
> > You could build an ethernet tap to sit between the LAN and the LAN port
> > on the m0n0wall, and hook that to a machine running something like ntop
> > to get that kind of information.
> >
> > ethernet tap: http://www.snort.org/docs/tap/
> >
> > hope this helps,
> > jim
> >
> > On Thu, Mar 18, 2004 at 08:37:57AM -0600, Brandon Holland wrote:
> > > What do you guys pair your m0n0 with to have traffic stats?
> > >
> > > I think I need them, I have reason to suspect there are certain high
> > > volume internet users that shouldn't be so high volume :'(
> > >
> > >
> > > Brandon Holland (Brandon at Cookssaw dot com)
> > > Network Administrator
> > > Cooks Saw MFG, LLC ( <http://www.cookssaw.com/> www.CooksSaw.com)
> > > "Leading the bandsaw Industry
> > > by providing tomorrow's innovation today"
> > > 160 Ken Lane
> > > Newton, AL 36352 (Click
> > > <http://www.mapquest.com/maps/map.adp?city=newton&state=AL&address=160+k
> > > en+ln&zip=36352&country=us&zoom=5> for map)
> > > Ph: 1-800-473-4804 [ (334) 692-5074 ]
> > > Fax: (334) 692-3704
> > >
> > >
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
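
Added example, not part of the original thread or of any project mentioned in it: a sketch of how a collector turns exported flow records into the per-host and per-protocol byte counts ("top talkers") that interface-level SNMP counters cannot provide. It assumes the exporter emits NetFlow version 5 datagrams; the function names and the sample datagram are constructed for illustration, and a real collector would read the datagrams from a UDP socket instead.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Yield (src_ip, dst_ip, ip_protocol, octets) for each flow in one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    # Never trust the record count in the header more than the bytes received.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims more records than the datagram holds")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[6]=dOctets, f[13]=IP protocol number
        yield socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[6]

def top_talkers(datagrams, n=10):
    """Return (bytes per source host, bytes per IP protocol), largest first."""
    by_host, by_proto = Counter(), Counter()
    for datagram in datagrams:
        for src, _dst, proto, octets in parse_v5(datagram):
            by_host[src] += octets
            by_proto[proto] += octets
    return by_host.most_common(n), by_proto.most_common(n)

def build_sample(flows):
    """Build a constructed v5 datagram from (src, dst, proto, octets) tuples."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, proto, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           0, 0, 1, octets, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: two LAN hosts, TCP (6) and UDP (17) flows.
SAMPLE = build_sample([("192.168.1.10", "203.0.113.5", 6, 900000),
                       ("192.168.1.20", "203.0.113.9", 17, 1500),
                       ("192.168.1.10", "198.51.100.7", 6, 100000)])

if __name__ == "__main__":
    hosts, protos = top_talkers([SAMPLE])
    print(hosts, protos)
```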